11.1.1 Inputs to Risk Management Planning

.1 Project charter. The project charter is discussed in Section 5.1.3.1.

.2 Organization's risk management policies. Some organizations may have predefined approaches to risk analysis and response that have to be tailored to a particular project.

.3 Defined roles and responsibilities. Predefined roles, responsabilities, and authority levels for decision-making will influence planning.

.4 Stakeholder risk tolerances. Different organizations and different individuals have different tolerances for risk. These may be expressed in policy statements or revealed in actions.

.5 Template for the organizationīs risk management plan. Some organizations have developed templates (or a pro-forma standard) for use by the project team. The organization will continuously improve the template, based on its aplication and usefulness in the project.

.6 Work breakdown structure (WBS). The WBS is described in Section 5.3.3.1.

11.1.2 Tools and Techniques for Risk Identification

.1 Planning meetings. Project teams hold plannings meetings to develop the risk management plan. Attendees include the project manager, the project team leaders, anyone in the organization with responsibility to manage the risk planning and execution activities, key stakeholders, and others, as needed. They use the risk management templates and other inputs as appropriate.

11.1.3 Outputs from Risk Identification

.1 Risk management plan. The risk management plan describes how risk identification, qualitative and quantitative analysis, response planning, monitoring, and control will be structured and performed during the project life cycle. The risk management plan does not address responses to individual risks—this is accomplishedin the risk response plan, wich is discussed in Section 11.5.3.1. The risk management plan may include the following.

   Methodology. Defines the approaches, tools, and data sources that may be used to perform risk management on this project. Diddrent types of assessments may be appropriate, depending upon the project stage, amount of information availble, and flexibility remaing in risk management.

   Roles and responsabilities. Defines the lead, support, and risk management team membership for each type of action in the risk management plan. Risk management teams organized outside of the project office may be able to perform more independent, unbiased risk analyses off project than those from the sponsoring project team.

   Budgeting. Establishes a budget for risk management for the project.

   Timing. Defines how often the risk management process will be performed throughout the project life cycle. Results should be developed early enough to affect decisions. The decisions should be revisited periodically during project execution.

   Scoring and interpretation. The scoring and interpretation methods appropriate for the type and timing of the qualitative and quantitative risk analysis being performed. Methods and scoring must be determined in advance to ensure consistency.

   Thresholds. The threshold criteria for risks that will be acted upon, by whom, and in what manner. The project owner, customer, or sponsor may have a different risk threshold. The acceptable threshold forms the target against which the project team will measure the effectiveness of the risk response plan execution.

   Reporting formats. Describes the content and format of the risk response plan described in Section 11.5.3.1. Defines how the results of the risk management processes will be documented, analyzed, and communicated to the project team, internal and external stakeholders, sponsors, and others.

   Tracking. Documents how all facets of risk activities will be recorded for the benefit of the current project, future needs, and lessons learned. Documents if and how risk processes will be audited.